I'm all for jumping on the good, old-fashioned Comcast hate train when it's deserved (like my increasingly saturated 105M cable connection that struggles to provide 50-60 during peak periods), but please explain to me how someone running the Xfinity hotspot on their router makes them have a "really vulnerable wifi connection"?
There are two separate networks being broadcast from the access point. One, which connects to the customer's LAN, is available for the owner to use at full speed. The other, which does not connect to the internal LAN, only to the outside world, and is rate limited to ensure full performance of the customer's provisioned speed and is available to outside users. Outside users must authenticate using their Xfinity credentials to connect. These credentials are logged, so if any nefarious activity originates from the connection it will be attributed to it's rightful owner.
The internal network is still password protected (well, as protected as any wireless network can be, I suppose) so no one will be connecting to your private network.
I agree that the Xfinity hotspot should be opt-in because it uses electricity and adds extra RF to what is usually an already noisy spectrum band, but this in no way, shape, or form, makes your wifi connection "really vulnerable". No more vulnerable that wifi already is, anyway. Stop fear-mongering.